Re: [RFC] bpf: Emit audit messages upon successful prog load and unload

> + > +static const char * const bpf_audit_str[] = { > + [BPF_AUDIT_LOAD] = "LOAD", > + [BPF_AUDIT_UNLOAD] = "UNLOAD", > +}; > + > +static void bpf_audit_prog(const struct bpf_prog *prog, enum bpf_audit op) > +{ > + struct audit_context *ctx = NULL; > + struct audit_buffer *ab; > + > + if (audit_enabled == AUDIT_OFF) > + return; > + if (op == BPF_AUDIT_LOAD) > + ctx = audit_context(); > + ab = audit_log_start(ctx, GFP_ATOMIC, AUDIT_BPF); > + if (unlikely(!ab)) > + return; > + audit_log_format(ab, "prog-id=%u op=%s", > + prog->aux->id, bpf_audit_str[op]); > + audit_log_end(ab); > +} As mentioned previously, I still think it might be a good idea to ensure "op" is within the bounds of bpf_audit_str, but the audit bits look reasonable to me.